The security vulnerability footprint is much higher when using dynamic sql over a properly written parametrized stored procedure.

I apologize to the original poster for getting off the "thread" topic.